Hello Howard,
Does Tapestry provide any way to do this on input, even if it is just for
all form data that is submitted? Perhaps being able to wire an interceptor
of some form in?
Thanks,
Eric
On Thu, Aug 21, 2008 at 11:57 AM, Eric Rogers <[EMAIL PROTECTED]> wrote:
> Hello Howard,
>
> Thanks for the information.
>
> Thanks,
>
> Eric
>
>
>
> On Tue, Aug 19, 2008 at 1:18 PM, Howard Lewis Ship <[EMAIL PROTECTED]>wrote:
>
>> Tapestry mostly captures this on the output side; that is, when you
>> output a string (using, say ${property} expansion), the output is
>> filtered; the key HTML entities, "<", "&" and ">", are converted to
>> proper entities: "<", etc.
>>
>> On Tue, Aug 19, 2008 at 11:11 AM, Eric Rogers <[EMAIL PROTECTED]>
>> wrote:
>> > Hello All,
>> >
>> > I am using Tapestry 5.0.14 and am looking to filter input in my Tapestry
>> > application for characters related to cross-site scripting. Some input
>> is
>> > from regular form submission, while other input is received using AJAX
>> event
>> > listeners and JSON. I realize that one can use a custom translator to
>> scrub
>> > any unwanted characters from input for a given field. However, I was
>> > wondering if anyone has come across a more general pattern or strategy
>> to do
>> > this for both form and JSON input without having to explicitly define a
>> > translator for form fields, and manually call some method to do the same
>> for
>> > a JSONObject.
>> >
>> > Thanks,
>> >
>> > Eric
>> >
>>
>>
>>
>> --
>> Howard M. Lewis Ship
>>
>> Creator Apache Tapestry and Apache HiveMind
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
